Escape table name MySQL - php

I have a little problem with escaping a table name. I was so stupid that I chose "show" for the name of the table. When I use a mysqli connection the escaping works fine, but it's not working with the classical mysql connection. Any advice?
Sorry for my English, I am not native speaker.
SELECT SQL_CALC_FOUND_ROWS year, nameShow
FROM `show`
LIMIT 0, 10
I get an error like this:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'show' at line 2
Query
$sQuery = "
SELECT SQL_CALC_FOUND_ROWS year, nameShow
FROM `show`
$sWhere
$sOrder
$sLimit
";

Section 9.3 of MySQL 5.1 Reference Manual says back ticks (`) or double quotes ("), however, I'd go with Fahim Parkar's comment above and just rename the table.
Also worth noting, you must use ANSI_QUOTES SQL mode if using double quotes per Section 9.2:
If the ANSI_QUOTES SQL mode is enabled, it is also permissible to
quote identifiers within double quotation marks

The problem is with YEAR not with SHOW. YEAR is a MySQL function.
Best practice is to quote column and table names all the time; it also makes things easier to read.
Should be:
SELECT SQL_CALC_FOUND_ROWS `year`, `nameShow`
FROM `show`
LIMIT 0, 10

Backticks should work fine.
Try putting a comma after SQL_CALC_FOUND_ROWS:
SELECT SQL_CALC_FOUND_ROWS, year, nameShow
FROM `show`
LIMIT 0, 10

Related

unable to use full text search with mysql query using MATCH and AGAINST

I hope someone can help me. I am trying to use the full text search MATCH and AGAINST.
I am getting this error
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''mytable' WHERE MATCH(user) AGAINST('alex') LIMIT 0, 25' at line 1
my example query is:
SELECT id, user FROM 'mytable' WHERE MATCH(user) AGAINST('alex') LIMIT 0, 25
You can only use backticks around a table or column name; you cannot use anything except backticks.
SELECT id, user FROM `mytable` WHERE MATCH(user) AGAINST('alex') LIMIT 0, 25
Where are backticks required?
If your table or column name contains any MySQL reserved word, then you must use backticks around the name.
MySQL Reserved Keywords and Words
You don't need to quote mytable. DOCS
SELECT id, user FROM mytable WHERE MATCH(user) AGAINST('alex') LIMIT 0, 25
For the error mentioned.
ALTER TABLE mytable ADD FULLTEXT index_name(user);
The fulltext index should contain exactly the same number of columns, in the same order, as mentioned in the MATCH clause.
Here for more.

Does putting '' on SQL column names run from a PHP program have any effect?

Is there any difference between the following two codes? Does putting '' around the column names have any effect in SQL run from a PHP program?
Code 1: SELECT f.id FROM sample_table f;
Code 2: SELECT f.'id' FROM sample_table f;
Yes, it will break the SQL
Table and column names should not be quoted; only literal strings should be quoted.
If you need to wrap table or column names, then you use backticks (`) (at least for MySQL), not quotes (')
From the question I will infer that you are referring to a SQL dialect where the single quote is an identifier escape character.
If that is the case, the difference between them is that it is possible (but not recommended) to use reserved keywords as identifier names. For example:
will result in error: SELECT f.where FROM sample_table f;
works as expected: SELECT f.'where' FROM sample_table f;

MySQL error 1064: SQL syntax error in SELECT statement

I am relatively new to somewhat advanced MySQL querying. I had been trying to query the most recent order in an order table for a particular user using a MySQL SELECT statement, using the following query.
SELECT o1.* FROM order AS o1
WHERE o1.orderDateTime =
(
SELECT MAX(o2.orderDateTime) FROM order AS o2
WHERE o2.userId = '1'
)
But I had been constantly getting the following MySQL error #1064 related to MySQL syntax.
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order AS o1 WHERE o1.orderDateTime = (SELECT MAX(o2.orderDateTime)FROM order AS ' at line 1
I got similar errors in relation to INSERT statements, but I managed to fix them using the methods specified in MySQL 1064: You have an error in your SQL syntax
I made every effort to fix the query in the current case but I was still unsuccessful.
I would be grateful if someone could help me out with fixing this MySQL syntax error for the SELECT clause specified above. It would be great if someone could tell me the exact reason for the occurrence of this issue as well.
order is a reserved word and it's a bad choice for a table name. You need to escape it using backticks in the query
SELECT o1.* FROM `order` AS o1
WHERE o1.orderDateTime = (
SELECT MAX(o2.orderDateTime) FROM `order` AS o2
WHERE o2.userId = '1'
)
http://dev.mysql.com/doc/mysqld-version-reference/en/mysqld-version-reference-reservedwords-5-5.html
As per #Abhik, order is a MySQL keyword.
And you can avoid the clash with two methods:
Use backticks (`) (#Abhik has already explained this.)
Prepend the database name before the table name, e.g.
DataBase_Name.order.
But still, #Abhik's approach is preferable, as in case of a database name change you would need to change the database name in your query.
First of all you could follow #Abhik Chakraborty's suggestion to include backticks around the order table name. order is a reserved word in MySQL. My suggestion is to improve your SQL query. You could accomplish the same using:
SELECT o1.* FROM `order` o1
WHERE o1.userId = '1' order by orderDateTime desc limit 1
the subquery seems unnecessary.

SQL syntax error about ``

I have never seen this problem. I want to make a MySQL query (insert, update, select) but MySQL gives an error.
My query:
SELECT * FROM option
and error:
[You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'option' at line 1]
but if I put ``
SELECT * FROM `option`
it's working. What can I do?
option is a reserved word for MySQL; you need to enclose it with backticks or avoid it by changing the table name
SELECT * FROM `option`
Option is a reserved keyword in MySQL (SQL).
So, after using backtick (`), it is not considered as keyword.
You need to use backticks for option, since it is a reserved word.
Try this:
SELECT * FROM `option`;
Refer: http://dev.mysql.com/doc/mysqld-version-reference/en/mysqld-version-reference-reservedwords-5-5.html
option is a keyword
check it here
http://dev.mysql.com/doc/refman/4.1/en/reserved-words.html
use backtick for option
select * from `option`

How do I handle single quotes inside a SQL query in PHP?

I am using a particular query for inserting records. It is going well. I am even fetching records with a select query. But my problem is that if the record contains single quotes ' ', then it gives me this error:
> NOTE:You have an error in your SQL syntax;
> check the manual that corresponds to your MySQL server
> version for the right syntax to use near 'B''' at line 1
The SELECT query is:
$result= mysql_query("SELECT s.name,
s.sid as sid,
s.category,
p.name as pname
FROM poet p
INNER JOIN song s
ON p.pid = s.pid
WHERE s.name= '$sid'") or die(mysql_error());
What should I do to avoid the quotes problem here, when I want to insert quotes in my records?
Your problem is much worse than this -- what if someone enters the value '; DROP TABLE poet; --? You need to use either mysql_real_escape_string() to escape the value, or use parametrized queries (with PDO, for example).
It's 2011, for crying out loud. Why is SQL injection still a widespread problem?
You have to escape the data
$sid = mysql_real_escape_string($sid);
Use the http://www.php.net/manual/en/function.mysql-real-escape-string.php function on your string to quote "'" and other special symbols.
Another way to prevent injection: use different connections (login/passwords) with different rights for inserting and selecting. In this case mysql_real_escape_string will work well.
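As an added example (not code from any of the posts above), this PHP snippet ties together the two points that recur across these questions: a reserved-word identifier such as `show`, `order`, `option` or `year` has to be wrapped in backticks by the application and cannot go through a placeholder, while a value like a song name with an embedded single quote is bound through a PDO prepared statement instead of being interpolated into the string. The DSN, credentials and the allowed-column list are assumptions.

```php
<?php
declare(strict_types=1);

// Quote a MySQL identifier (table or column name) with backticks.
// A backtick inside the name is doubled, which is how MySQL escapes it.
// Placeholders cannot stand in for identifiers, so this is the one place
// where the application itself must do the quoting.
function quoteIdentifier(string $name): string
{
    if ($name === '' || strlen($name) > 64) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Identifiers chosen outside the program (e.g. a sort column from a URL)
// are additionally checked against a fixed allow-list before quoting.
function safeColumn(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('column not allowed: ' . $name);
    }
    return quoteIdentifier($name);
}

// Assumed connection details for this example.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// Reserved words as names: `show` and `year` are quoted, never interpolated raw.
$orderBy = safeColumn($_GET['sort'] ?? 'year', ['year', 'nameShow']);
$sql = sprintf(
    'SELECT SQL_CALC_FOUND_ROWS %s, %s FROM %s WHERE %s = ? ORDER BY %s LIMIT ?, ?',
    quoteIdentifier('year'),
    quoteIdentifier('nameShow'),
    quoteIdentifier('show'),
    quoteIdentifier('nameShow'),
    $orderBy
);

// The value may contain single quotes ("Rock 'n' Roll") or even
// "'; DROP TABLE poet; --": it is bound as data, never parsed as SQL.
$stmt = $pdo->prepare($sql);
$stmt->bindValue(1, "Rock 'n' Roll", PDO::PARAM_STR);
$stmt->bindValue(2, 0, PDO::PARAM_INT);  // LIMIT arguments must be bound as integers
$stmt->bindValue(3, 10, PDO::PARAM_INT);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
```

mysql_real_escape_string() only protects quoted string values; it does nothing for an identifier like `show`, which is why backtick quoting of names and binding of values are two separate steps here.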
